©THEBRIGHTSTARS 2024
CDEO - Chapter 2 Exam Questions With
Revised Answers
(HIPAA) - answer✔✔Health Insurance Portability and Accountability Act of 1996
HIPAA was enacted on _________. - answer✔✔August 21, 1996
HIPAA aka as ______ bill, was originally enacted to provide rights and protections for
participants and beneficiaries of group health plans. Under this law, exclusions for preexisting
conditions were limited, and discrimination against employees and dependents based on their
health status were prohibited. - answer✔✔Kennedy-Kassebaum
HIPAA also established the Healthcare _____ and _____ Control Program, a far-reaching
program in healthcare, including both public and private health plans to combat both -
answer✔✔Fraud, Abuse
HIPAA _______ provisions required that sections of the law be publicized to explain the
standards for the electronic exchange, privacy, and security of health information. -
answer✔✔Administrative Simplification
Congress did not enact privacy legislation within the specified time governed by HIPAA. The
U.S. Department of Health and Human Services (HHS) developed a proposed rule, which was
released for comment on November 3, 1999. Many comments were received, and modifications
were made to the rule. The modifications were published and released in final form on ______. -
answer✔✔August 14, 2002
_____ issued a privacy rule to set a national standard for the protection of certain health
information. - answer✔✔HHS
The _______ standards address how an individual's protected health information (PHI) may be
used. Its purpose is to protect individual - answer✔✔Privacy Rule
- answer✔✔privacy, while promoting high-quality healthcare and public health and well-being.
The Privacy Rule was designed to be ______ and ______, to allow for the various uses and
disclosures the healthcare community must address. - answer✔✔flexible, comprehensive
____ covered entities are required to follow the Privacy Rule. - answer✔✔All
, ©THEBRIGHTSTARS 2024
Covered entities are defined as health _____, healthcare ________, and any healthcare
_________ who transmits health - answer✔✔plans, clearinghouses, provider
- answer✔✔information in an electronic format.
Health ______ covered entities are organizations that pay providers on behalf of an individual
receiving medical care. These plans include health, dental, vision, and prescription drug insurers.
Some examples include health maintenance organizations (HMOs), Medicare, Medicaid, -
answer✔✔plan
- answer✔✔and Medicare supplement insurers, as well as employer, government, and church-
sponsored group health plans. There are exceptions: An employer who solely establishes and
maintains the plan with fewer than 50 participants is exempt. Two types of government-funded
programs
- answer✔✔are not health plans: food stamps and community health centers. Insurers providing
only worker's compensation, automobile insurance, and property and casualty insurance are not
considered to be health plans.
All healthcare ________ who electronically transmit health information through certain
transactions are covered entities. Some examples of transactions that may be submitted
electronically are claim forms, inquiries about the eligibility of benefits, and requests for
authorization of referrals. Simply using electronic technology, such as sending emails, does not
mean a healthcare provider is a covered entity; the transmission must be in connection with a
standard transaction. The rule applies to all, regardless of whether they transmit the transactions
directly, or use a billing service or other third party to transmit on their behalf. They are defined
as providers of services, such as hospitals, and providers of medical or health services, such as
physicians, dentists, and other practitioners who furnish, bill, or receive payment for healthcare. -
answer✔✔providers
Healthcare ________ include billing services, repricing companies, and community health
management information systems that process nonstandard information, received from another
entity, into a standard (ie, standard format or data content) or vice versa. In most instances,
healthcare clearinghouses receive individually identifiable information for processing services to
a health plan or healthcare provider as a business associate. In these cases, only certain
provisions are applicable to the clearinghouses' uses and disclosures of protected health
information. - answer✔✔clearinghouses
_______ occur through electronic exchanges, which allow information to be transferred between
two parties for specific purposes. - answer✔✔Transactions
A healthcare provider will send a claim to a health _____ to request payment for the medical
services he or she provides. - answer✔✔plan
, ©THEBRIGHTSTARS 2024
_____ regulations standardized transactions for Electronic Data Interchange (EDI) of healthcare
data. These transactions are: claims and encounter information, payment and remittance advice,
claims status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination
of benefits, and premium payment. - answer✔✔HIPAA
Under _______, electronic transactions must use the adopted standard and adhere to the content
and format requirements of ASC X12N or NCPDP (used for certain pharmacy transactions) for
each transaction. An additional rule was adopted to standardize the code sets for diagnoses and
procedures. These code sets include: HCPCS (Healthcare Common Procedure Coding System—
ancillary services and procedures); CPT® (Current Procedural Terminology—physician's
procedures); CDT® (Current Dental Terminology—dental procedures); ICD-9 (International
Classification of Diseases-9th revision— diagnosis and inpatient hospital procedures); ICD-10
(International Classification of Diseases-10th Revision, which replaced ICD-9 on October 1,
2015); and NDC (National Drug Codes). - answer✔✔HIPAA
In addition to the standardization of the codes used to request payment for medical services, a
_______ for employers and providers must be used on all transactions. - answer✔✔unique
identifier
_______ perform certain functions or activities, which involve the use or disclosure of
individually identifiable health information, on behalf of another person or organization, without
being a member of the entity's workforce. These services include claims processing or
administration, data analysis, utilization review, billing, benefit management, and re-pricing. -
answer✔✔Business associates
_______ associate services to a covered entity are limited to legal, actuarial, accounting,
consulting, data aggregation, management, administrative, accreditation, or financial services. -
answer✔✔Business
To be considered a business associate, the persons or organizations would involve the use or
disclosure of ________ between the two parties. - answer✔✔protected health information
A covered entity ____ be a business associate of another covered entity. - answer✔✔can
HITECH - answer✔✔Health Information Technology for Economic and Clinical Health Act
The ______ enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009,
also specifies that an organization that provides data transmission of PHI to a covered entity and
that requires access to PHI routinely, such as a Health Information Exchange Organization, will
be treated as a business associate. - answer✔✔HITECH
A _______ is required between business associates to impose specified written safeguards on the
individually identifiable health information used or disclosed by the business associate. It must
describe the permitted and required uses of protected health information by the business
